{"id":42540,"date":"2023-12-05T10:31:42","date_gmt":"2023-12-05T15:31:42","guid":{"rendered":"https:\/\/netfoundry.io\/?p=42540"},"modified":"2024-12-05T10:32:28","modified_gmt":"2024-12-05T15:32:28","slug":"a-zero-trust-journey-transparent-bastions","status":"publish","type":"post","link":"https:\/\/netfoundry.io\/zero-trust\/a-zero-trust-journey-transparent-bastions\/","title":{"rendered":"A Zero Trust Journey: Transparent Bastions"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"42540\" class=\"elementor elementor-42540\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-29f327ee e-flex e-con-boxed e-con e-parent\" data-id=\"29f327ee\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-43f6bdb3 elementor-widget elementor-widget-text-editor\" data-id=\"43f6bdb3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Welcome to <strong>Part 2 of our Zero Trust Journey!<\/strong> This article focuses on applying the principle of zero trust to our existing platform infrastructure. By the end, production databases and SSH servers will only be accessible through the OpenZiti Network, effectively eliminating network exposure to both public and private anonymous clients.<\/p>\n<p><strong>In case you missed <a href=\"https:\/\/web.archive.org\/web\/20240420155551\/https:\/\/netfoundry.io\/bastion-dark-mode\/\" target=\"_blank\" rel=\"noopener\">Part 1<\/a>,<\/strong> we began with a common defensive strategy: using a bastion host as an SSH jump box and proxy to shield a private zone from direct internet exposure. 
By implementing OpenZiti, we transformed the SSH bastion host into a \u201cdark\u201d asset on all networks while maintaining normal functionality\u2014a concept we call <strong>Bastion Dark Mode<\/strong>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-baa427a elementor-widget elementor-widget-image\" data-id=\"baa427a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"575\" height=\"324\" src=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/12\/zt-ssh-dark-bastion-768x345-1.png\" class=\"attachment-large size-large wp-image-42547\" alt=\"NetFoundry | Ziti SSH Dark Bastion\" loading=\"lazy\" srcset=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/12\/zt-ssh-dark-bastion-768x345-1.png 575w, https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/12\/zt-ssh-dark-bastion-768x345-1-300x169.png 300w\" sizes=\"auto, (max-width: 575px) 100vw, 575px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1a89fe5 elementor-widget elementor-widget-text-editor\" data-id=\"1a89fe5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In this discussion, we\u2019ll continue the bastion pattern: a host with special network access depicted in the diagrams as being behind the firewall. We\u2019ll remove the dark SSH bastion from our OpenZiti overlay and use an OpenZiti Router that is logically transparent to the client.\u00a0<\/p>\n<p>Dark bastions are great, but transparent bastions are even more flexible and much more convenient. Dark bastions allowed us to continue using our existing SSH proxy configurations without interrupting business as usual. 
This was important for the transition to dark bastions. After making our bastions dark, we realized the security provided by those SSH proxies would be made entirely redundant if we were to apply OpenZiti to the connection! So that\u2019s what we set out to do.\u00a0<\/p>\n<p>Transparent bastions allow us to connect to our protected resources without a client proxy configuration: no more SSH jump box. Additionally, there are certain problems that dark bastions never solved. For example,\u00a0<i>How can we send GitHub webhooks to our private Jenkins server?\u00a0<\/i>It just didn\u2019t make sense to send the webhooks over SSH through a dark SSH bastion, so we used a GitHub Action built with OpenZiti\u2019s NodeJS SDK to send the webhooks to Jenkins. You can read about how that works <a href=\"https:\/\/web.archive.org\/web\/20240420155551\/https:\/\/netfoundry.io\/this-is-the-way-invisible-jenkins\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-2d73cda0 e-grid e-con-full e-con e-child\" data-id=\"2d73cda0\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-10d060c5 elementor-widget elementor-widget-image\" data-id=\"10d060c5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"24\" height=\"24\" src=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/08\/netfoundry-endpoint-gray.svg\" class=\"attachment-large size-large wp-image-36613\" alt=\"\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-64c15dee elementor-widget__width-inherit elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" 
data-id=\"64c15dee\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7df69ae7 elementor-widget elementor-widget-image\" data-id=\"7df69ae7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"24\" height=\"24\" src=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/08\/netfoundry-endpoint-gray.svg\" class=\"attachment-large size-large wp-image-36613\" alt=\"\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-953eedf e-flex e-con-boxed e-con e-parent\" data-id=\"953eedf\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c91f20a elementor-widget elementor-widget-text-editor\" data-id=\"c91f20a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><b>Let\u2019s Talk Proxies<\/b><\/h3>\n<p>When it comes to proxies there are two types, forward and reverse. A forward proxy is considered opaque because it requires the client to know the URL of the proxy in order to access the target resource. A reverse proxy is considered transparent. 
A transparent proxy does not require the client to be configured at all, so the user may not realize they are using a proxy.\u00a0<\/p>\n<p>When you say \u201cproxy\u201d out of context I would probably guess you\u2019re talking about an opaque forward proxy, and an SSH bastion, i.e. jump box, is one example. Using a typical (opaque forward) HTTP proxy with your browser requires you to configure it with the URL of the proxy. In that sense, your browser is aware of the proxy and \u201csees\u201d all requests and responses handled through that proxy, not the web server itself. It only sees the proxy, so the proxy is opaque. All requests are sent to the proxy which then selectively forwards the request to the destination.\u00a0<\/p>\n<p>A reverse proxy on the other hand is positioned as a transparent receiver in front of the application server and clients don\u2019t need any special configuration. A load balancer is an example of a transparent reverse proxy. The client only \u201csees\u201d the web server, so the proxy is transparent.<\/p>\n<p>A proxy is a means to an end, and a transparent proxy means you\u2019ve eliminated a step because it just works without a special client configuration. You might even forget you\u2019re connecting through a transparent proxy. 
This is great for the bastion use case because the user knows what they\u2019re trying to connect to and doesn\u2019t care how they get there.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-8e41f65 e-grid e-con-full e-con e-child\" data-id=\"8e41f65\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e6fae85 elementor-widget elementor-widget-image\" data-id=\"e6fae85\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"24\" height=\"24\" src=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/08\/netfoundry-endpoint-gray.svg\" class=\"attachment-large size-large wp-image-36613\" alt=\"\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fd36bf2 elementor-widget__width-inherit elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"fd36bf2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9196ed1 elementor-widget elementor-widget-image\" data-id=\"9196ed1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"24\" height=\"24\" src=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/08\/netfoundry-endpoint-gray.svg\" class=\"attachment-large size-large wp-image-36613\" alt=\"\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-dc58e9b e-flex e-con-boxed e-con e-parent\" data-id=\"dc58e9b\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-54926c2 elementor-widget elementor-widget-text-editor\" data-id=\"54926c2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><b>Using the Transparent Bastion<\/b><\/h3>\n<p>From my perspective as a user, I don\u2019t need to know anything about the transparent bastion to use it effectively. To start using the transparent bastion seamlessly, I just need to stop using the opaque SSH bastion!<\/p>\n<p>Let\u2019s say I\u2019m using the laptop device shown on the left side of the diagram. In the Part 1 configuration, I used an SSH jump box configuration to reach our resources. For example, for an SQL server resource, I would save the SSH bastion\u2019s domain name, my proxy username, and my private key file path in my SQL client application.<\/p>\n<p>The OpenZiti badge in the diagram represents my tunneler, the OpenZiti agent on my computer. I\u2019ve been issued an identity for that tunneler, which I have loaded. With that one step completed, any application on my computer has access to the resources shown on the right side of the diagram. I no longer need an SSH jump box or proxy of any kind. 
The bastion is shown in the diagram below, but I don\u2019t see it as a user because it\u2019s part of the OpenZiti overlay, which is transparent from one edge to the other.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0efd5e9 elementor-widget elementor-widget-image\" data-id=\"0efd5e9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"683\" height=\"299\" src=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/12\/zt-ssh-transparent-768x325-1.png\" class=\"attachment-large size-large wp-image-42546\" alt=\"NetFoundry | Ziti SSH Transparent\" loading=\"lazy\" srcset=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/12\/zt-ssh-transparent-768x325-1.png 683w, https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/12\/zt-ssh-transparent-768x325-1-300x131.png 300w\" sizes=\"auto, (max-width: 683px) 100vw, 683px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-9135641 e-grid e-con-full e-con e-child\" data-id=\"9135641\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3b9354b elementor-widget elementor-widget-image\" data-id=\"3b9354b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"24\" height=\"24\" src=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/08\/netfoundry-endpoint-gray.svg\" class=\"attachment-large size-large wp-image-36613\" alt=\"\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bd18e82 elementor-widget__width-inherit elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"bd18e82\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c3377a8 elementor-widget elementor-widget-image\" data-id=\"c3377a8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"24\" height=\"24\" src=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/08\/netfoundry-endpoint-gray.svg\" class=\"attachment-large size-large wp-image-36613\" alt=\"\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-b0825e6 e-flex e-con-boxed e-con e-parent\" data-id=\"b0825e6\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-291c207 elementor-widget elementor-widget-text-editor\" data-id=\"291c207\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><b>Setting up OpenZiti Services<\/b><\/h3>\n<p>A prerequisite for a direct, transparent connection is an OpenZiti service that specifies the destination. For now, we will create the few services we have manually. 
We plan to use the NetFoundry API to automate setting up these services in the future, when we have a less static set of resources.<\/p>\n<p>Fortunately, it\u2019s a one-time cost for each destination. When I want to SSH to a particular host or connect to a particular SQL server, I need to take a one-time administrative step in the NetFoundry web console to specify that connection. Here\u2019s one example of specifying a production database server as a Ziti service.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-136c96e elementor-widget elementor-widget-image\" data-id=\"136c96e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"653\" height=\"714\" src=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/12\/openziti-service.png\" class=\"attachment-medium_large size-medium_large wp-image-42548\" alt=\"NetFoundry | OpenZiti Service\" loading=\"lazy\" srcset=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/12\/openziti-service.png 653w, https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/12\/openziti-service-274x300.png 274w\" sizes=\"auto, (max-width: 653px) 100vw, 653px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b449d29 elementor-widget elementor-widget-text-editor\" data-id=\"b449d29\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ol>\n<li aria-level=\"1\">Apply some hashtag role attributes so that my new service aligns with the existing service policy for production databases.<\/li>\n<li aria-level=\"1\">Define a domain name and port pair that clients will use 
to connect to this service. This could be a fictitious name or the real name of the server.<\/li>\n<li aria-level=\"1\">Select the bastion host that has access to the application server we\u2019re specifying.<\/li>\n<li aria-level=\"1\">Define the real domain name and port of the application server from the perspective of the bastion host where ziti-router is running.<\/li>\n<\/ol>\n<p>Reference: <a href=\"https:\/\/web.archive.org\/web\/20240416143258\/https:\/\/support.netfoundry.io\/hc\/en-us\/articles\/360045503311-Create-and-Manage-Services\" target=\"_blank\" rel=\"noopener\">Support Hub<\/a> article about creating services and role attributes.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-fecca87 e-grid e-con-full e-con e-child\" data-id=\"fecca87\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-deb056f elementor-widget elementor-widget-image\" data-id=\"deb056f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"24\" height=\"24\" src=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/08\/netfoundry-endpoint-gray.svg\" class=\"attachment-large size-large wp-image-36613\" alt=\"\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9ec3b97 elementor-widget__width-inherit elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"9ec3b97\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span 
class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-230448c elementor-widget elementor-widget-image\" data-id=\"230448c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"24\" height=\"24\" src=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/08\/netfoundry-endpoint-gray.svg\" class=\"attachment-large size-large wp-image-36613\" alt=\"\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-8f923a0 e-flex e-con-boxed e-con e-parent\" data-id=\"8f923a0\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4815fd2 elementor-widget elementor-widget-text-editor\" data-id=\"4815fd2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><b>Going Further with OpenZiti<\/b><\/h3>\n<p>Transparent bastions are powerful and flexible, but there\u2019s still a fundamental weakness in the bastion pattern. A bastion is a castle and once the enemy is inside the walls they can attack vulnerable resources directly. In our case, this could happen if the device where ziti-router software is running were compromised. The vulnerability exists in the leg of the journey between the OpenZiti router and the protected resources behind the firewall. That segment is protected only by the firewall, not OpenZiti. 
More complete adoption of zero trust will shrink-wrap the lines of defense around the defended resources, so that breaching the firewall that creates our security zone no longer grants broad access to everything inside.<\/p>\n<p>The next stop in our journey will be to extend the edge of the OpenZiti network to the protected resources. Then the OpenZiti connection will terminate on the same device where the resource is located, or inside a narrower slice of the network if co-residency on the device is not practical, as is the case for some cloud provider services where the endpoint is not a \u201cdevice\u201d, per se. We\u2019ll need to install OpenZiti software and enroll an identity for each resource, e.g. each SSH server, which will certainly entail some new automation with the NetFoundry API.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Welcome to Part 2 of our Zero Trust Journey! This article focuses on applying the principle of zero trust to our existing platform infrastructure. By the end, production databases and SSH servers will only be accessible through the OpenZiti Network, effectively eliminating network exposure to both public and private anonymous clients. 
In case you missed [&hellip;]<\/p>\n","protected":false},"author":92,"featured_media":42545,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[477],"tags":[968,966,967,965,962,964,857,958,963],"class_list":["post-42540","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zero-trust","tag-bastion-host-alternatives","tag-bastion-host-security","tag-devops-bastion-tools","tag-secure-bastion-access","tag-secure-remote-management","tag-transparent-bastions","tag-zero-trust-architecture","tag-zero-trust-bastion","tag-zero-trust-remote-access"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>A Zero Trust Journey: Transparent Bastions<\/title>\n<meta name=\"description\" content=\"Discover how Transparent Bastions redefine secure remote access with Zero Trust, eliminating risks and enhancing DevOps security workflows.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/netfoundry.io\/zero-trust\/a-zero-trust-journey-transparent-bastions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Zero Trust Journey: Transparent Bastions\" \/>\n<meta property=\"og:description\" content=\"Discover how Transparent Bastions redefine secure remote access with Zero Trust, eliminating risks and enhancing DevOps security workflows.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/netfoundry.io\/zero-trust\/a-zero-trust-journey-transparent-bastions\/\" \/>\n<meta property=\"og:site_name\" content=\"NetFoundry\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/netfoundry.io\" 
\/>\n<meta property=\"article:published_time\" content=\"2023-12-05T15:31:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-05T15:32:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/12\/a-zero-trust-journey-transparent-bastions.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1536\" \/>\n\t<meta property=\"og:image:height\" content=\"804\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Philip Griffiths\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@netfoundry\" \/>\n<meta name=\"twitter:site\" content=\"@netfoundry\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Philip Griffiths\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/netfoundry.io\\\/zero-trust\\\/a-zero-trust-journey-transparent-bastions\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/netfoundry.io\\\/zero-trust\\\/a-zero-trust-journey-transparent-bastions\\\/\"},\"author\":{\"name\":\"Philip Griffiths\",\"@id\":\"https:\\\/\\\/netfoundry.io\\\/#\\\/schema\\\/person\\\/2020f6a86319585ac99dc3262fb40673\"},\"headline\":\"A Zero Trust Journey: Transparent 
Bastions\",\"datePublished\":\"2023-12-05T15:31:42+00:00\",\"dateModified\":\"2024-12-05T15:32:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/netfoundry.io\\\/zero-trust\\\/a-zero-trust-journey-transparent-bastions\\\/\"},\"wordCount\":1252,\"publisher\":{\"@id\":\"https:\\\/\\\/netfoundry.io\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/netfoundry.io\\\/zero-trust\\\/a-zero-trust-journey-transparent-bastions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/netfoundry.io\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/a-zero-trust-journey-transparent-bastions.jpg\",\"keywords\":[\"Bastion host alternatives\",\"Bastion host security\",\"DevOps bastion tools\",\"Secure bastion access\",\"Secure remote management\",\"Transparent bastions\",\"Zero Trust Architecture\",\"Zero Trust Bastion\",\"Zero Trust remote access\"],\"articleSection\":[\"Zero Trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/netfoundry.io\\\/zero-trust\\\/a-zero-trust-journey-transparent-bastions\\\/\",\"url\":\"https:\\\/\\\/netfoundry.io\\\/zero-trust\\\/a-zero-trust-journey-transparent-bastions\\\/\",\"name\":\"A Zero Trust Journey: Transparent Bastions\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/netfoundry.io\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/netfoundry.io\\\/zero-trust\\\/a-zero-trust-journey-transparent-bastions\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/netfoundry.io\\\/zero-trust\\\/a-zero-trust-journey-transparent-bastions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/netfoundry.io\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/a-zero-trust-journey-transparent-bastions.jpg\",\"datePublished\":\"2023-12-05T15:31:42+00:00\",\"dateModified\":\"2024-12-05T15:32:28+00:00\",\"description\":\"Discover how Transparent Bastions redefine secure remote access with Zero Trust, eliminating risks and enhancing DevOps security 
workflows.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/netfoundry.io\\\/zero-trust\\\/a-zero-trust-journey-transparent-bastions\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/netfoundry.io\\\/zero-trust\\\/a-zero-trust-journey-transparent-bastions\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/netfoundry.io\\\/zero-trust\\\/a-zero-trust-journey-transparent-bastions\\\/#primaryimage\",\"url\":\"https:\\\/\\\/netfoundry.io\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/a-zero-trust-journey-transparent-bastions.jpg\",\"contentUrl\":\"https:\\\/\\\/netfoundry.io\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/a-zero-trust-journey-transparent-bastions.jpg\",\"width\":1536,\"height\":804,\"caption\":\"NetFoundry | A Zero Trust Journey: Transparent Bastions\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/netfoundry.io\\\/zero-trust\\\/a-zero-trust-journey-transparent-bastions\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/netfoundry.io\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A Zero Trust Journey: Transparent Bastions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/netfoundry.io\\\/#website\",\"url\":\"https:\\\/\\\/netfoundry.io\\\/\",\"name\":\"NetFoundry\",\"description\":\"Identity-First\u2122 
Networking\",\"publisher\":{\"@id\":\"https:\\\/\\\/netfoundry.io\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/netfoundry.io\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/netfoundry.io\\\/#organization\",\"name\":\"NetFoundry\",\"url\":\"https:\\\/\\\/netfoundry.io\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/netfoundry.io\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/netfoundry.io\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/netfoundry-icon-color.png\",\"contentUrl\":\"https:\\\/\\\/netfoundry.io\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/netfoundry-icon-color.png\",\"width\":512,\"height\":512,\"caption\":\"NetFoundry\"},\"image\":{\"@id\":\"https:\\\/\\\/netfoundry.io\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/netfoundry.io\",\"https:\\\/\\\/x.com\\\/netfoundry\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/netfoundry\\\/\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCGN6PFj1rZu50yme9YsICmg\",\"https:\\\/\\\/www.instagram.com\\\/netfoundry.io\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/netfoundry.io\\\/#\\\/schema\\\/person\\\/2020f6a86319585ac99dc3262fb40673\",\"name\":\"Philip 
Griffiths\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dca9b7a1e6d3a47ce3440cd0d6e3d5362df9613f48558fd1dd0ce8816f7c70af?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dca9b7a1e6d3a47ce3440cd0d6e3d5362df9613f48558fd1dd0ce8816f7c70af?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dca9b7a1e6d3a47ce3440cd0d6e3d5362df9613f48558fd1dd0ce8816f7c70af?s=96&d=mm&r=g\",\"caption\":\"Philip Griffiths\"},\"url\":\"https:\\\/\\\/netfoundry.io\\\/author\\\/philip-griffiths\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"A Zero Trust Journey: Transparent Bastions","description":"Discover how Transparent Bastions redefine secure remote access with Zero Trust, eliminating risks and enhancing DevOps security workflows.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/netfoundry.io\/zero-trust\/a-zero-trust-journey-transparent-bastions\/","og_locale":"en_US","og_type":"article","og_title":"A Zero Trust Journey: Transparent Bastions","og_description":"Discover how Transparent Bastions redefine secure remote access with Zero Trust, eliminating risks and enhancing DevOps security workflows.","og_url":"https:\/\/netfoundry.io\/zero-trust\/a-zero-trust-journey-transparent-bastions\/","og_site_name":"NetFoundry","article_publisher":"https:\/\/www.facebook.com\/netfoundry.io","article_published_time":"2023-12-05T15:31:42+00:00","article_modified_time":"2024-12-05T15:32:28+00:00","og_image":[{"width":1536,"height":804,"url":"https:\/\/netfoundry.io\/wp-content\/uploads\/2024\/12\/a-zero-trust-journey-transparent-bastions.jpg","type":"image\/jpeg"}],"author":"Philip 
Griffiths"}}